build

__swarm/bookstack/.env

@@ -0,0 +1,2 @@
+APPNAME=bookstack
+DOCKER_REGISTRY=r.sectorq.eu/library/

__swarm/bookstack/bookstack-swarm.yml

@@ -0,0 +1,50 @@
+version: '3.9'
+services:
+  app:
+    env_file:
+    - stack.env
+    image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/bookstack:latest
+    ports:
+    - 6875:80
+    volumes:
+    - /share/docker_data/bookstack/bookstack_app_data:/config
+    deploy:
+      mode: replicated
+      replicas: 1
+      restart_policy:
+        condition: any
+      labels:
+        com.centurylinklabs.watchtower.enable: true
+        homepage.container: bookstack-app-1
+        homepage.description: Books
+        homepage.group: Utilities
+        homepage.href: https://bookstack.sectorq.eu
+        homepage.icon: bookstack.png
+        homepage.name: Bookstack
+        homepage.server: my-docker-swarm
+        homepage.weight: 1
+        wud.watch: true
+        wud.watch.digest: true
+      placement:
+        constraints:
+        - node.role == manager
+  db:
+    env_file:
+    - stack.env
+    environment:
+      PGID: 0
+      PUID: 0
+    image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/mariadb
+    volumes:
+    - /share/docker_data/bookstack/bookstack_db_data:/config
+    deploy:
+      mode: replicated
+      replicas: 1
+      restart_policy:
+        condition: any
+      labels:
+        wud.watch: true
+        wud.watch.digest: true
+      placement:
+        constraints:
+        - node.role == manager

__swarm/bookstack/docker-compose copy.yml

@@ -0,0 +1,88 @@
+---
+version: "2"
+services:
+  app:
+    image: lscr.io/linuxserver/bookstack:latest
+    environment:
+      PUID: 1000
+      PGID: 1000
+      APP_URL: https://bookstack.sectorq.eu
+      DB_HOST: db
+      DB_PORT: 3306
+      DB_USER: bookstack
+      DB_PASS: l4c1j4yd33Du5lo
+      DB_DATABASE: bookstackapp
+      # Set authentication method to be saml2
+      AUTH_METHOD: saml2
+      # Control if BookStack automatically initiates login via your SAML system if it's the only authentication method.
+      # Prevents the need for the user to click the "Login with x" button on the login page.
+      # Setting this to true enables auto-initiation.
+      AUTH_AUTO_INITIATE: false
+      # Set the display name to be shown on the login button.
+      # (Login with <name>)
+      SAML2_NAME: authentik
+      # Name of the attribute which provides the user's email address
+      SAML2_EMAIL_ATTRIBUTE: email
+      # Name of the attribute to use as an ID for the SAML user.
+      SAML2_EXTERNAL_ID_ATTRIBUTE: uid
+      # Enable SAML group sync.
+      SAML2_USER_TO_GROUPS: true
+      # Set the attribute from which BookStack will read groups names from.
+      # You will need to rename your roles in Bookstack to match your groups in authentik.
+      SAML2_GROUP_ATTRIBUTE: http://schemas.xmlsoap.org/claims/Group
+      # Name of the attribute(s) to use for the user's display name
+      # Can have multiple attributes listed, separated with a '|' in which
+      # case those values will be joined with a space.
+      # Example: SAML2_DISPLAY_NAME_ATTRIBUTES=firstName|lastName
+      # Defaults to the ID value if not found.
+      ######SAML2_DISPLAY_NAME_ATTRIBUTES: http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname
+      SAML2_DISPLAY_NAME_ATTRIBUTES: username
+
+      # Identity Provider entityID URL
+      SAML2_IDP_ENTITYID: https://auth.sectorq.eu/api/v3/providers/saml/10/metadata/?download
+      
+      # Auto-load metadata from the IDP
+      # Setting this to true negates the need to specify the next three options
+      SAML2_AUTOLOAD_METADATA: true
+
+
+
+
+
+
+      
+    volumes:
+      - /share/docker_data/bookstack/bookstack_app_data:/config
+    ports:
+      - 6875:80
+    restart: ${RESTART:-unless-stopped}
+    depends_on:
+      - db
+    labels:
+      com.centurylinklabs.watchtower.enable: true
+      homepage.group: Utilities
+      homepage.name: Bookstack
+      homepage.weight: 1
+      homepage.icon: bookstack.png
+      homepage.href: https://bookstack.sectorq.eu
+      homepage.description: Books
+      homepage.server: my-docker
+      homepage.container: bookstack-app-1
+      # homepage.widget.type: ${APPNAME}
+      # homepage.widget.url: https://${APPNAME}.sectorq.eu
+      # homepage.widget.key: ddfc91b29920082636da70cc677aec74c88a7666
+      # homepage.widget.version: 2
+  db:
+    image: lscr.io/linuxserver/mariadb
+    environment:
+      PUID: 0
+      PGID: 0
+      MYSQL_ROOT_PASSWORD: l4c1j4yd33Du5lo
+      TZ: Europe/Bratislava
+      MYSQL_DATABASE: bookstackapp
+      MYSQL_USER: bookstack
+      MYSQL_PASSWORD: l4c1j4yd33Du5lo
+    
+    volumes:
+      - /share/docker_data/bookstack/bookstack_db_data:/config
+    restart: ${RESTART:-unless-stopped}

__swarm/bookstack/docker-compose.yml

@@ -0,0 +1,38 @@
+services:
+  app:
+    depends_on:
+    - db
+    env_file:
+    - stack.env
+    image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/bookstack:latest
+    labels:
+      com.centurylinklabs.watchtower.enable: true
+      homepage.container: bookstack-app-1
+      homepage.description: Books
+      homepage.group: Utilities
+      homepage.href: https://bookstack.sectorq.eu
+      homepage.icon: bookstack.png
+      homepage.name: Bookstack
+      homepage.server: my-docker
+      homepage.weight: 1
+      wud.watch: true
+      wud.watch.digest: true
+    ports:
+    - 6875:80
+    restart: ${RESTART:-unless-stopped}
+    volumes:
+    - /share/docker_data/bookstack/bookstack_app_data:/config
+  db:
+    env_file:
+    - stack.env
+    environment:
+      PGID: 0
+      PUID: 0
+    image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/mariadb
+    labels:
+      wud.watch: true
+      wud.watch.digest: true
+    restart: ${RESTART:-unless-stopped}
+    volumes:
+    - /share/docker_data/bookstack/bookstack_db_data:/config
+version: '2'

__swarm/bookstack/stack.env

@@ -0,0 +1,86 @@
+PUID: 1000
+PGID: 1000
+APP_URL: https://bookstack.sectorq.eu
+DB_HOST: db
+DB_PORT: 3306
+DB_USER: bookstack
+DB_PASS: l4c1j4yd33Du5lo
+DB_DATABASE: bookstackapp
+MYSQL_ROOT_PASSWORD: l4c1j4yd33Du5lo
+TZ: Europe/Bratislava
+MYSQL_DATABASE: bookstackapp
+MYSQL_USER: bookstack
+MYSQL_PASSWORD: l4c1j4yd33Du5lo
+# # Set authentication method to be saml2
+# AUTH_METHOD: saml2
+# # Control if BookStack automatically initiates login via your SAML system if it's the only authentication method.
+# # Prevents the need for the user to click the "Login with x" button on the login page.
+# # Setting this to true enables auto-initiation.
+# AUTH_AUTO_INITIATE: false
+# # Set the display name to be shown on the login button.
+# # (Login with <name>)
+# SAML2_NAME: authentik
+# # Name of the attribute which provides the user's email address
+# SAML2_EMAIL_ATTRIBUTE: email
+# # Name of the attribute to use as an ID for the SAML user.
+# SAML2_EXTERNAL_ID_ATTRIBUTE: uid
+# # Enable SAML group sync.
+# SAML2_USER_TO_GROUPS: true
+# # Set the attribute from which BookStack will read groups names from.
+# # You will need to rename your roles in Bookstack to match your groups in authentik.
+# SAML2_GROUP_ATTRIBUTE: http://schemas.xmlsoap.org/claims/Group
+# # Name of the attribute(s) to use for the user's display name
+# # Can have multiple attributes listed, separated with a '|' in which
+# # case those values will be joined with a space.
+# # Example: SAML2_DISPLAY_NAME_ATTRIBUTES=firstName|lastName
+# # Defaults to the ID value if not found.
+# ######SAML2_DISPLAY_NAME_ATTRIBUTES: http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname
+# SAML2_DISPLAY_NAME_ATTRIBUTES: username
+
+# # Identity Provider entityID URL
+# SAML2_IDP_ENTITYID: https://auth.sectorq.eu/api/v3/providers/saml/10/metadata/?download
+
+# # Auto-load metadata from the IDP
+# # Setting this to true negates the need to specify the next three options
+# SAML2_AUTOLOAD_METADATA: true
+
+
+# Set OIDC to be the authentication method
+AUTH_METHOD: oidc
+#AUTH_METHOD: standard 
+# Control if BookStack automatically initiates login via your OIDC system 
+# if it's the only authentication method. Prevents the need for the
+# user to click the "Login with x" button on the login page.
+# Setting this to true enables auto-initiation.
+AUTH_AUTO_INITIATE: true
+
+# Set the display name to be shown on the login button.
+# (Login with <name>)
+OIDC_NAME: SSO
+
+# Name of the claims(s) to use for the user's display name.
+# Can have multiple attributes listed, separated with a '|' in which 
+# case those values will be joined with a space.
+# Example: OIDC_DISPLAY_NAME_CLAIMS=given_name|family_name
+OIDC_DISPLAY_NAME_CLAIMS: name
+
+# OAuth Client ID to access the identity provider
+OIDC_CLIENT_ID: GCPj547vTmEpmsCM8jkuR222SS31yZMdp7oAU82U
+
+# OAuth Client Secret to access the identity provider
+OIDC_CLIENT_SECRET: Nador7SOdsYgfNhRwbeRKLNPkPiASBAlTnKVi294xbOz8MM3e2RlzAaWQsQNZmBtLLZVifb1TG3OpKrVXeeW3Vu8HmJuvy8GwSAT2r0pP0241tDdEShq7UkP9G5Esdt8
+
+# Issuer URL
+# Must start with 'https://'
+OIDC_ISSUER: https://auth.sectorq.eu/application/o/bookstack/
+
+# The "end session" (RP-initiated logout) URL to call during BookStack logout.
+# By default this is false which disables RP-initiated logout.
+# Setting to "true" will enable logout if found as supported by auto-discovery.
+# Otherwise, this can be set as a specific URL endpoint.
+OIDC_END_SESSION_ENDPOINT: false
+
+# Enable auto-discovery of endpoints and token keys.
+# As per the standard, expects the service to serve a 
+# `<issuer>/.well-known/openid-configuration` endpoint.
+OIDC_ISSUER_DISCOVER: true